September 27, 2023

Apple has released security updates for a zero-day vulnerability that affects iPhone, iPad, Mac and Apple Watch.The technology giant said iOS 14.8 for iPhones and iPads, as well as new updates for Apple Watch and macOS, will fix at least one vulnerability.

Last month,the zero-day flaw named as such since it gives companies zero days to roll out a fix took advantage of a flaw in Apple’s iMessage, which was exploited to push the Pegasus spyware, developed by Israeli firm NSO Group, to the activist’s phone.

After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users.Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.

Apple Statement

The flaws exploited the latest iPhone software, both iOS 14.4 and later iOS 14.6. But also the exploit broke through new iPhone defenses that Apple had baked into iOS 14, dubbed BlastDoor, which were supposed to prevent silent attacks by filtering potentially malicious code.

The researchers said the exploit takes advantage of a weakness in how Apple devices render images on the display. The same ForcedEntry exploit works on all Apple devices running, until today, the latest software.

Apple pushed out the updates for the vulnerability, known officially as CVE-2021-30860.

2 thoughts on “Apple fixes iMessage bug

Leave a Reply

%d bloggers like this: